Enterprise AI Must Enforce Participant-Aware Access Control
Part of:Context Engineering
The line in the sand. They show adversaries extracting confidential data through fine-tuning and RAG, and that probabilistic defences (prompt sanitisation, output filtering) do not hold. The proposed rule is deterministic: nothing enters training, retrieval or generation unless every participant in the interaction is explicitly authorised to see it. The strictest formulation of need-to-know for AI systems, and the standard the rest of this list should be measured against.